top title background image
flash

8082-x64.ps1

Status: finished
Submission Time: 2023-01-08 15:58:21 +01:00
Malicious
Trojan
CobaltStrike, Metasploit

Comments

Tags

  • 45139105143
  • CobaltStrike
  • opendir
  • ps1

Details

  • Analysis ID:
    780201
  • API (Web) ID:
    1147471
  • Analysis Started:
    2023-01-08 15:58:32 +01:00
  • Analysis Finished:
    2023-01-08 16:06:36 +01:00
  • MD5:
    4ebf3871ba1b7b1b821b211a34b5a7f6
  • SHA1:
    705f8834ab9efa80f4eb59c245af3553c8f7f859
  • SHA256:
    a55296309871408165c248cb6e5c88e84da5682bdddc5cce220552660536d93b
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
malicious
Score: 100
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious
Score: 37/61
malicious
Score: 30/41
malicious

IPs

IP Country Detection
20.104.209.69
United States

URLs

Name Detection
http://20.104.209.69:8082/1/events/com.amazon.csm.csa.prod
20.104.209.69
http://20.104.209.69:8082/broadcast
Click to see the 21 hidden entries
https://contoso.com/License
http://20.104.209.69:8082/broadcastg
https://github.com/Pester/Pester
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
http://20.104.209.69:8082/broadcast0
http://20.104.209.69:8082/broadcastashSessionKeyBackward
http://20.104.209.69:8082/broadcastashSessionKeyBackwardc
http://20.104.209.69:8082/broadcastashSessionKeyBackwardC
https://contoso.com/Icon
http://20.104.209.69:8082/broadcastashSessionKeyBackwardS
https://nuget.org/nuget.exe
https://contoso.com/
https://d22u79neyj432a.cloudfront.net/bfc50dfa-8e10-44b5-ae59-ac26bfc71489/54857e6d-c060-4b3c-914a-8
https://go.micro
https://www.amazon.com
http://www.apache.org/licenses/LICENSE-2.0.html
https://d22u79neyj432a.cloudfront.net/bfc50dfa-8e10-44b5-ae59-ac26bfc71489/54857e6d-c
http://pesterbdd.com/images/Pester.png
http://20.104.209.69:8082/broadcast~
http://nuget.org/NuGet.exe
http://20.104.209.69:8082/broadcastashSessionKeyBackwards

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
data
#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2czwuov1.a4m.psm1
very short file (no magic)
#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ysmgpxgf.4xc.ps1
very short file (no magic)
#
Click to see the 2 hidden entries
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms (copy)
data
#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\EDDQAR9L4R6VK24IYBE0.temp
data
#